Gitlab: Difference between revisions

(4 intermediate revisions by 3 users not shown)

Line 5:

== Installation ==

~~A minimal local installation of Gitlab might look like this~~

=== Generate Secrets ===

sudo install -d -m 0700 /var/lib/gitlab/secrets

sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordPrimaryKey'

sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordDeterministicKey'

sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordSalt'

sudo chown -R gitlab:gitlab /var/lib/gitlab/secrets

sudo chmod 700 /var/lib/gitlab/secrets

sudo chmod 0600 /var/lib/gitlab/secrets/*

</syntaxhighlight>

<~~syntaxHighlight~~ lang="nix">

=== Nix Configuration ===

services.gitlab = {

<syntaxhighlight lang="nix">services.gitlab = {

enable = true;

databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";

Line 17:

Line 26:

dbFile = pkgs.writeText "dbsecret" "we2quaeZ";

jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";

activeRecordPrimaryKeyFile = "/var/lib/gitlab/secrets/activeRecordPrimaryKey";

activeRecordDeterministicKeyFile = "/var/lib/gitlab/secrets/activeRecordDeterministicKey";

activeRecordSaltFile = "/var/lib/gitlab/secrets/activeRecordSalt";

};

Line 32:

Line 44:

services.openssh.enable = true;

systemd.services.gitlab-backup.environment.BACKUP = "dump";

systemd.services.gitlab-backup.environment.BACKUP = "dump";</syntaxhighlight>

</~~syntaxHighlight~~>

After applying the configuration head to http://localhost and login with username <code>root</code> and the password specified in <code>initialRootPasswordFile</code>.

Line 156:

Line 167:

IdentitiesOnly yes

PreferredAuthentications publickey

Note: If you want to just be able to copy the url from the clone Gitlab menu consider changing the git user to the generated "gitlab" user or create some other user yourself. See gitlabs reference [https://docs.gitlab.com/omnibus/settings/configuration/#change-the-name-of-the-git-user-or-group Change the name of the git user or group]

Line 162:

Line 176:

* [[Gitea]], a web app, Git development repository and project management.

* [[Forgejo]], a web application offers Git development repositories and project management. Community fork of Gitea.

[[Category:Server]]

[[Category:Web Applications]]

[[Category:NixOS Manual]]

@@ Line 5: / Line 5: @@
 == Installation ==
-A minimal local installation of Gitlab might look like this
+=== Generate Secrets ===
+<syntaxhighlight lang="bash">
+sudo install -d -m 0700 /var/lib/gitlab/secrets
+sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordPrimaryKey'
+sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordDeterministicKey'
+sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordSalt'
+sudo chown -R gitlab:gitlab /var/lib/gitlab/secrets
+sudo chmod 700 /var/lib/gitlab/secrets
+sudo chmod 0600 /var/lib/gitlab/secrets/*
+</syntaxhighlight>
-<syntaxHighlight lang="nix">
+=== Nix Configuration ===
-services.gitlab = {
+<syntaxhighlight lang="nix">services.gitlab = {
    enable = true;
    databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";
@@ Line 17: / Line 26: @@
      dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
      jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
+    activeRecordPrimaryKeyFile       = "/var/lib/gitlab/secrets/activeRecordPrimaryKey";
+    activeRecordDeterministicKeyFile = "/var/lib/gitlab/secrets/activeRecordDeterministicKey";
+    activeRecordSaltFile             = "/var/lib/gitlab/secrets/activeRecordSalt";
    };
 };
@@ Line 32: / Line 44: @@
 services.openssh.enable = true;
-systemd.services.gitlab-backup.environment.BACKUP = "dump";
+systemd.services.gitlab-backup.environment.BACKUP = "dump";</syntaxhighlight>
-</syntaxHighlight>
 After applying the configuration head to http://localhost and login with username <code>root</code> and the password specified in <code>initialRootPasswordFile</code>.
@@ Line 156: / Line 167: @@
      IdentitiesOnly yes
      PreferredAuthentications publickey
+Note: If you want to just be able to copy the url from the clone Gitlab menu consider changing the git user to the generated "gitlab" user or create some other user yourself. See gitlabs reference [https://docs.gitlab.com/omnibus/settings/configuration/#change-the-name-of-the-git-user-or-group Change the name of the git user or group]
 <references />
@@ Line 162: / Line 176: @@
 * [[Gitea]], a web app, Git development repository and project management.
+* [[Forgejo]], a web application offers Git development repositories and project management. Community fork of Gitea.
 [[Category:Server]]
 [[Category:Web Applications]]
 [[Category:NixOS Manual]]